Unable to renew certs on Debian 8 Jessie

inferyes · October 28, 2018, 3:36pm

I’m trying to renew my cert but run into a problem.

My domain is:
www.bellessa.be

I ran this command:
sudo certbot renew --dry-run

It produced this output:
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/bellessa.be.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bellessa.be
http-01 challenge for www.bellessa.be
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/bellessa.be.conf produced an unexpected error: Failed authorization procedure. www.bellessa.be (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.bellessa.be/.well-known/acme-challenge/5I-1YJT2HGCq0zdW3uYywUBvLLHxkl5z7_mCFPOlYPA: Connection refused. Skipping.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.bellessa.be
   Type:   connection
   Detail: Fetching
   http://www.bellessa.be/.well-known/acme-challenge/5I-1YJT2HGCq0zdW3uYywUBvLLHxkl5z7_mCFPOlYPA:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):

The operating system my web server runs on is (include version):
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.11 (jessie)
Release: 8.11
Codename: jessie

My hosting provider, if applicable, is:
OVH.nl

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

More info:
sudo certbot -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot version: 0.10.2
Arguments: [’-v’]
Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
Requested authenticator None and installer None
No candidate plugin
Selected authenticator None and installer None
Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate.

I have created a file in .well-known and it is accessible:
https://bellessa.be/.well-known/1234.txt
https://www.bellessa.be/.well-known/1234.txt

JuergenAuer · October 28, 2018, 3:46pm

Hi @inferyes

the directory is /.well-known/acme-challenge, not /.well-known.

http://www.bellessa.be/.well-known/acme-challenge/5I-1YJT2HGC

is redirected to

https://administratix.be/.well-known/acme-challenge/5I-1YJT2HGC

this is another domain, but the same server, so that may work. It's not a "Connection refused" - error.

Perhaps use the --debug-challenges - option and check, where Certbot creates the file.

https://certbot.eff.org/docs/using.html

Or you should deactivate the redirect to administratix

inferyes · October 28, 2018, 3:59pm

Aha! I can work with that. Administratix.be is indeed run on the same server, but uses a different folder to serve files.

Thank you.

system · November 27, 2018, 4:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.